Russian crims aim to repeat cyber heist
Russia’s cyber-attack on the medical records of Australians was a ‘low act’ that Moscow would seek to repeat against other key strategic assets, Matt Thistlethwaite has warned.
Russia’s cyber-attack on the medical records of Australians was a “low act” that Moscow would seek to repeat against other key strategic assets, including the Australian Defence Force, Assistant Defence Minister Matt Thistlethwaite has warned.
His comments came as the hacking group behind the Medibank data heist leaked more customer data to the dark web, ahead of a critical company shareholder meeting on Wednesday.
The compromised data is thought to include 500 records, including 46 from previous lists, and includes people with chronic conditions such as heart disease, diabetes and asthma, as well as patients with mental illnesses including delirium, a temporary condition that particularly effects elderly patients.
Mr Thistlethwaite said the country needed to do more to minimise its cyber vulnerability by using Australian-only supply chains to cut out risky foreign operators wherever possible.
“We have to have the capacity on Australian soil to protect Australian data,” he told The Australian.
Mr Thistlethwaite was speaking after the government last week launched a joint taskforce of the Australian Federal Police and the Australian Signals Directorate to “hack the hackers” and disrupt cyber attacks before they occurred.
He said the recent hack by a suspected Russian criminal group against health insurer Medibank was “a low act which compromised the personal data of Australians, which is why we must work as closely as we can with business to protect Australian data in the future”.
The latest release of Medibank records comes after almost 10 million current and former Medibank customers had their personal data exposed in one of Australia’s biggest cyber heists.
Other information stolen by the Russian hackers – who accessed Medibank’s customer database after buying one of the company’s high level logins from an online criminal forum – include the names, dates of birth, phone numbers, email addresses and some Medicare and passport numbers of policyholders.
Mr Thistlethwaite was speaking at the launch in Sydney of the Australian headquarters of the Defence-backed British company SoftIron, which seeks to create sovereign capability in critical data infrastructure like cloud services. “We know Australia needs to improve its supply chain resilience but we also need to make sure we have the capacity on Australian soil to protect Australian data and that’s what this (SoftIron) facility will be devoted to,” he said.
Suspected foreign hackers had recently launched an attack on a social media site used by Defence Force personnel, Mr Thistlethwaite said, although there was no evidence any information stolen had been published on the dark web. “We know these international actors and private organisations are seeking to infiltrate corporations, government and individual’s personal data,’’ he said. “That’s the challenge we have.”
SoftIron is an IT infrastructure provider that manufactures and assembles its own equipment to reduce foreign interference risks.
SoftIron chief operating officer Jason Van der Schyff said recent events had made it clear sovereign capability in data protection was critical.
“Aside from exposing Australian companies to an unacceptable business risk, our reliance on foreign-manufactured componentry has increased the risk of malicious state actors introducing covert hardware or firmware during the manufacturing process,” he said.
Labor ‘is naive on threat of evil axis’
One of the country’s leading defence analysts says the Albanese government has gravely underestimated the threat posed by the growing alliance of China, Russia, Iran and North Korea.
Keating takes swipe at AUKUS ministers meeting
Former prime minister Paul Keating has slammed the AUKUS alliance partners for failing to respond to concerns about the future of Australian military sovereignty.